Risk Assessment

The Risk Assessment covers the analysis and evaluation of identified risk factors related to the seven Integrated Risk Framework (IRF) components: Strategic, Programmes, Funding Proposals, Processes, Projects, ICT, and Humanitarian. The process includes the assessment of underlying causes, likelihood, potential impact, assignment of focal points, and consideration of the organization’s risk appetite, while taking into account the effectiveness of existing Control Self-Assessment (CSA) controls and practices mapped to the relevant risks. The assessment process follows the periodicity and ERM calendar established by the Enterprise Risk Management Function (ERMF).

The objective is to enable first-line responders to conduct objective risk assessments and make appropriately risk-informed decisions. Heads of units are required to complete the assessment using a consultative, disciplined, and systematic approach.

Risk assessment is the iterative process of risk analysis and evaluation. The objective is to provide sufficient necessary information at appropriate suitable intervals for risk-informed management decisions. Robust risk assessments allow for greater acceptance of risk-taking opportunities (such as innovation, operational efficiencies, and maximizing existing synergies in processes) while ensuring rigorous monitoring and control of risks.  

Risk analysis entails understanding the risks, and considering root causes with their consequences. The likelihood that those consequences can occur, provides input to the choice of the most appropriate risk response strategies.  The risk assessment will be conducted on the myRisk 2.0 application. Steps are as follows: